what you don't know can hurt you
Showing 1 - 25 of 14,706 RSS Feed

Arbitrary Files

Ubuntu Security Notice USN-4987-1
Posted Jun 11, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4987-1 - It was discovered that ExifTool did not properly sanitize user data for the DjVu file format. An attacker could use this vulnerability to cause a DoS or possibly execute arbitrary code.

tags | advisory, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-22204
MD5 | 0f6aa21e3994b529d9e4f766ebc03576
Ubuntu Security Notice USN-4971-2
Posted Jun 10, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4971-2 - USN-4971-1 fixed several vulnerabilities in libwebp. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary, vulnerability
systems | linux, ubuntu
advisories | CVE-2018-25009, CVE-2018-25013, CVE-2020-36330
MD5 | b82d64cb41adba3b71d4830ad200f0c4
GravCMS 1.10.7 Arbitrary YAML Write / Update
Posted Jun 10, 2021
Authored by Mehmet Ince, legend

GravCMS version 1.10.7 unauthenticated arbitrary YAML write/update exploit. This is a variant exploit of the original discovery made by Mehmet Ince in April of 2021.

tags | exploit, arbitrary
MD5 | d339a4b0bbbddf85756e2cdfe1e8e8ed
Internet Explorer jscript9.dll Memory Corruption
Posted Jun 9, 2021
Authored by Ivan Fratric, Google Security Research

There is a vulnerability in jscript9 that could potentially be exploited to execute arbitrary code when viewing an attacker-controlled website in Internet Explorer. The vulnerability has been confirmed on Windows 10 64-bit with the latest security patches applied.

tags | exploit, arbitrary
systems | windows
advisories | CVE-2020-1380, CVE-2021-31959
MD5 | 7bf1477df1aec690e996f9ebbce9b10c
SQLMAP - Automatic SQL Injection Tool 1.5.6
Posted Jun 8, 2021
Authored by Bernardo Damele | Site sqlmap.org

sqlmap is an open source command-line automatic SQL injection tool. Its goal is to detect and take advantage of SQL injection vulnerabilities in web applications. Once it detects one or more SQL injections on the target host, the user can choose among a variety of options to perform an extensive back-end database management system fingerprint, retrieve DBMS session user and database, enumerate users, password hashes, privileges, databases, dump entire or user's specified DBMS tables/columns, run his own SQL statement, read or write either text or binary files on the file system, execute arbitrary commands on the operating system, establish an out-of-band stateful connection between the attacker box and the database server via Metasploit payload stager, database stored procedure buffer overflow exploitation or SMB relay attack and more.

Changes: Minor release with no notes in the changelog.
tags | tool, web, overflow, arbitrary, vulnerability, sql injection
systems | unix
MD5 | 5d549a9d48f57591c03e5e02ad82cd9f
Ubuntu Security Notice USN-4937-2
Posted Jun 7, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4937-2 - USN-4937-1 fixed a vulnerability in GNOME Autoar. The update caused a regression when extracting certain archives. This update fixes the problem. Ondrej Holy discovered that GNOME Autoar could extract files outside of the intended directory. If a user were tricked into extracting a specially crafted archive, a remote attacker could create files in arbitrary locations, possibly leading to code execution. Various other issues were also addressed.

tags | advisory, remote, arbitrary, code execution
systems | linux, ubuntu
MD5 | 56203d8395d3d051ed05e8cd62776087
Ubuntu Security Notice USN-4983-1
Posted Jun 4, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4983-1 - Piotr Krysiuk discovered that the eBPF implementation in the Linux kernel did not properly enforce limits for pointer operations. A local attacker could use this to cause a denial of service or possibly execute arbitrary code. Piotr Krysiuk and Benedict Schlueter discovered that the eBPF implementation in the Linux kernel performed out of bounds speculation on pointer arithmetic. A local attacker could use this to expose sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, kernel, local
systems | linux, ubuntu
advisories | CVE-2021-29155, CVE-2021-31829, CVE-2021-33200, CVE-2021-3501
MD5 | 18944e6d71f08e1228485e41148d89d4
Ubuntu Security Notice USN-4978-1
Posted Jun 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4978-1 - Multiple security issues were discovered in Firefox. If a user were tricked into opening a specially crafted website, an attacker could potentially exploit these to cause a denial of service, re-enable camera devices without an additional permission prompt, spoof the browser UI, or execute arbitrary code. It was discovered that filenames printed from private browsing mode were incorrectly retained in preferences. A local attacker could potentially exploit this to obtain sensitive information. Various other issues were also addressed.

tags | advisory, denial of service, arbitrary, local, spoof
systems | linux, ubuntu
advisories | CVE-2021-29959, CVE-2021-29960, CVE-2021-29966, CVE-2021-29967
MD5 | 01e79350aca3fc8a59ec16c81063b717
Ubuntu Security Notice USN-4975-1
Posted Jun 3, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4975-1 - It was discovered that the Django URLValidator function incorrectly handled newlines and tabs. A remote attacker could possibly use this issue to perform a header injection attack. This issue only affected Ubuntu 20.04 LTS, Ubuntu 20.10, and Ubuntu 21.04. Rasmus Lerchedahl Petersen and Rasmus Wriedt Larsen discovered that Django incorrectly handled path sanitation in admindocs. A remote attacker could possibly use this issue to determine the existence of arbitrary files and in certain configurations obtain their contents. Various other issues were also addressed.

tags | advisory, remote, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-32052, CVE-2021-33203, CVE-2021-33571
MD5 | 8ff3e55f0ad94b7ed7a4b571a6382af7
Cacti 1.2.12 SQL Injection / Remote Command Execution
Posted Jun 2, 2021
Authored by h00die, Leonardo Paiva, Mayfly277 | Site metasploit.com

This Metasploit module exploits a SQL injection vulnerability in Cacti versions 1.2.12 and below. An admin can exploit the filter variable within color.php to pull arbitrary values as well as conduct stacked queries. With stacked queries, the path_php_binary value is changed within the settings table to a payload, and an update is called to execute the payload. After calling the payload, the value is reset.

tags | exploit, arbitrary, php, sql injection
advisories | CVE-2020-14295
MD5 | 96f2d2ce45330fd71491a45ad435fbe4
Ubuntu Security Notice USN-4971-1
Posted Jun 1, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4971-1 - It was discovered that libwebp incorrectly handled certain malformed images. If a user or automated system were tricked into opening a specially crafted image file, a remote attacker could use this issue to cause libwebp to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2018-25009, CVE-2018-25013, CVE-2020-36330
MD5 | 5bf683a898c535b77a9103e8e89306ab
Ubuntu Security Notice USN-4968-2
Posted May 31, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-2 - USN-4968-1 fixed a vulnerability in LZ4. This update provides the corresponding update for Ubuntu 14.04 ESM and Ubuntu 16.04 ESM. It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
MD5 | f1c32f0c11f52077faf51bfa590dfe58
IPS Community Suite 4.5.4.2 PHP Code Injection
Posted May 31, 2021
Authored by EgiX | Site karmainsecurity.com

IPS Community Suite versions 4.5.4.2 and below suffer from a PHP code injection vulnerability. The vulnerability exists because the IPS\cms\modules\front\pages\_builder::previewBlock() method allows to pass arbitrary content to the IPS\_Theme::runProcessFunction() method, which will be used in a call to the eval() PHP function. This can be exploited to inject and execute arbitrary PHP code. Successful exploitation of this vulnerability requires an account with permission to manage the sidebar (such as a Moderator or Administrator) and the "cms" application to be enabled.

tags | exploit, arbitrary, php
advisories | CVE-2021-32924
MD5 | 1b4fb4e5987be3d21bd6ca2f13378d32
Ubuntu Security Notice USN-4967-2
Posted May 28, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-2 - USN-4967-1 fixed a vulnerability in nginx. This update provides the corresponding update for Ubuntu 14.04 ESM and 16.04 ESM. Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code. Various other issues were also addressed.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | 80cc8e13b352e34dd9a56edc56696000
QNAP MusicStation / MalwareRemover File Upload / Command Injection
Posted May 28, 2021
Authored by polict | Site shielder.it

QNAP MusicStation and MalwareRemover are affected by arbitrary file upload and command injection vulnerabilities, leading to pre-authentication remote command execution with root privileges on the NAS.

tags | advisory, remote, arbitrary, root, vulnerability, file upload
advisories | CVE-2020-36197, CVE-2020-36198
MD5 | e0f4de64c7524a918a49796c1ab9986e
Ubuntu Security Notice USN-4968-1
Posted May 27, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4968-1 - It was discovered that LZ4 incorrectly handled certain memory operations. If a user or automated system were tricked into uncompressing a specially- crafted LZ4 file, a remote attacker could use this issue to cause LZ4 to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-3520
MD5 | b71409af01196b5e8a73a4a839432e0e
Ubuntu Security Notice USN-4967-1
Posted May 26, 2021
Authored by Ubuntu | Site security.ubuntu.com

Ubuntu Security Notice 4967-1 - Luis Merino, Markus Vervier, and Eric Sesterhenn discovered that nginx incorrectly handled responses to the DNS resolver. A remote attacker could use this issue to cause nginx to crash, resulting in a denial of service, or possibly execute arbitrary code.

tags | advisory, remote, denial of service, arbitrary
systems | linux, ubuntu
advisories | CVE-2021-23017
MD5 | b350ad62ada4bdd5b64bf7a6677cd315
Gentoo Linux Security Advisory 202105-37
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-37 - A vulnerability in Nextcloud Desktop Client could allow a remote attacker to execute arbitrary commands. Versions less than 3.1.3 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2021-22879
MD5 | c7630b6a9fdf5f2c71a54516e91e77d9
Gentoo Linux Security Advisory 202105-36
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-36 - Multiple vulnerabilities have been found in cURL, the worst of which could result in the arbitrary execution of code. Versions less than 7.77.0 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-22876, CVE-2021-22890, CVE-2021-22898, CVE-2021-22901
MD5 | 94180abd6fb5ce62d4b9cd723e72a93d
Gentoo Linux Security Advisory 202105-35
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-35 - Multiple vulnerabilities have been found in OpenSSH, the worst of which could allow a remote attacker to execute arbitrary code. Versions less than 8.5_p1 are affected.

tags | advisory, remote, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-14145, CVE-2021-28041
MD5 | 1dd240d43ba302be00dec5fbadf0f4d0
Gentoo Linux Security Advisory 202105-28
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-28 - Multiple vulnerabilities have been found in MariaDB, the worst of which could result in the arbitrary execution of code. Versions less than 10.5.10 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2021-2154, CVE-2021-2166, CVE-2021-2180, CVE-2021-27928
MD5 | c7a5a1e3b925ece6bf7fcd32de0bc0b3
Gentoo Linux Security Advisory 202105-27
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-27 - Multiple vulnerabilities have been found in MySQL, the worst of which could result in the arbitrary execution of code. Versions less than 8.0.24 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2019-2938, CVE-2019-2974, CVE-2020-14539, CVE-2020-14540, CVE-2020-14547, CVE-2020-14550, CVE-2020-14553, CVE-2020-14559, CVE-2020-14564, CVE-2020-14567, CVE-2020-14568, CVE-2020-14575, CVE-2020-14576, CVE-2020-14586, CVE-2020-14591, CVE-2020-14597, CVE-2020-14614, CVE-2020-14619, CVE-2020-14620, CVE-2020-14623, CVE-2020-14624, CVE-2020-14626, CVE-2020-14631, CVE-2020-14632, CVE-2020-14633, CVE-2020-14634
MD5 | b139d317926a806af6609e73f9dc58e1
Gentoo Linux Security Advisory 202105-26
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-26 - A vulnerability in SpamAssassin might allow remote attackers to execute arbitrary commands. Versions less than 3.4.5 are affected.

tags | advisory, remote, arbitrary
systems | linux, gentoo
advisories | CVE-2020-1946
MD5 | 6f041a27ba64ef8823cd5575e8091b3a
Gentoo Linux Security Advisory 202105-24
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-24 - Multiple vulnerabilities have been found in FFmpeg, the worst of which could result in the arbitrary execution of code. Versions less than 4.4 are affected.

tags | advisory, arbitrary, vulnerability
systems | linux, gentoo
advisories | CVE-2020-35964, CVE-2020-35965, CVE-2021-30123
MD5 | 124a1968bc93107aa7c773a0df12fa36
Gentoo Linux Security Advisory 202105-18
Posted May 26, 2021
Authored by Gentoo | Site security.gentoo.org

Gentoo Linux Security Advisory 202105-18 - A heap-based buffer overflow in LittleCMS might allow remote attackers to execute arbitrary code. Versions less than 2.10 are affected.

tags | advisory, remote, overflow, arbitrary
systems | linux, gentoo
advisories | CVE-2018-16435
MD5 | 8dbbe6e033d3c9fc8fc4ad16325376d3
Page 1 of 589
Back12345Next

File Archive:

June 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Jun 1st
    35 Files
  • 2
    Jun 2nd
    14 Files
  • 3
    Jun 3rd
    40 Files
  • 4
    Jun 4th
    22 Files
  • 5
    Jun 5th
    1 Files
  • 6
    Jun 6th
    1 Files
  • 7
    Jun 7th
    19 Files
  • 8
    Jun 8th
    14 Files
  • 9
    Jun 9th
    39 Files
  • 10
    Jun 10th
    20 Files
  • 11
    Jun 11th
    22 Files
  • 12
    Jun 12th
    0 Files
  • 13
    Jun 13th
    0 Files
  • 14
    Jun 14th
    0 Files
  • 15
    Jun 15th
    0 Files
  • 16
    Jun 16th
    0 Files
  • 17
    Jun 17th
    0 Files
  • 18
    Jun 18th
    0 Files
  • 19
    Jun 19th
    0 Files
  • 20
    Jun 20th
    0 Files
  • 21
    Jun 21st
    0 Files
  • 22
    Jun 22nd
    0 Files
  • 23
    Jun 23rd
    0 Files
  • 24
    Jun 24th
    0 Files
  • 25
    Jun 25th
    0 Files
  • 26
    Jun 26th
    0 Files
  • 27
    Jun 27th
    0 Files
  • 28
    Jun 28th
    0 Files
  • 29
    Jun 29th
    0 Files
  • 30
    Jun 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close